Alessandro Zifiglio

Customizing the ChangePassword control and removing the required CurrentPassword field

All posts have moved to Typps

See you there.



Filip Duyck said:

Nice, I think most people instantly change the randomly generated password to something more useful, so just giving them a link to do this reduces the number of steps necessary :) You could also put a link in the e-mail that cancels the token in case the user didn't request it himself!

# February 15, 2008 4:00 PM

alessandro said:

Filip, yes, the email for token invalidation is a very good idea indeed. Many thanks :D

# February 15, 2008 5:31 PM

JAndrews said:

Is there any way to prevent the password reset from logging in the user whose password we are resetting?  

I really want to use this example in ad administrative section but logging out the admin is not desirable.

Otherwise this code works perfect as advertised.


# February 18, 2008 9:38 AM

alessandro said:

JAndrews, Yes, you can do that. Basically the control is logging in the current user based on a certain condition.

It only logs the user in if the MembershipUser is approved, note that MembershipUser has an approved property or if the MembershipUser is not Locked out. So if both these conditions are true in your case, you can temporarily set approve to false on the membership user and update the membership, during the ChangingPassword event and re-enable it again immidiately in the ChantedPassword Event.

This is a workaround ofcourse, and since this is an admin feature, the extra hits to your db for these two operations might not seem like a big deal, so all in all i find this workaround feasible.

Good luck,


# February 18, 2008 10:05 AM

Don Wilcox said:

Do you use the PasswordRecovery control to manage the reset? If so, how do you retrieve the new (temporary) password so that you can tokenize it? I've look all over and cannot find  it.


# May 9, 2008 9:39 PM

Alvin said:

I've tried the code for problem <a>,

it's work on "CurrentPassword" and "CurrentPasswordRequired",

but not for "CurrentPasswordLabel" (.FindControl can't find it)

I'm work it on VS2008, any idea?


# August 1, 2008 5:29 AM

jamsy said:


# August 4, 2008 12:43 AM

CheGueVerra said:

An other solution for the RequiredFieldValidator is to put Junk in that field and change it in the ChangingPassword !!

How can I make an other user (depending on role) to be able to change any users passwords, because when the change is confirmed, that user becomes the logged one.

# August 8, 2008 6:25 PM

Danny117 said:

I'm getting closer just need to learn how to make a tokenized link

# January 4, 2009 8:20 PM

sukumarraju said:

Good one.. i think there are very few resources on this.

# February 9, 2011 12:33 PM